Program Cobot Safety Zones to ISO Standards in 30 Minutes

Problem: Your Cobot Isn't ISO-Compliant

You've deployed a collaborative robot but your safety zone configuration is based on vendor defaults — not ISO standards. During a safety audit, this fails every time.

You'll learn:

How ISO/TS 15066 and ISO 10218-2 define safety zone requirements
How to program monitored zones (protective stop, speed reduction, power-and-force limiting)
How to validate your configuration before going live

Time: 30 min | Level: Intermediate

Why This Happens

Most cobot vendors ship with permissive defaults to make initial setup easy. Those defaults are not designed to satisfy ISO requirements out of the box. Integrators often skip the risk assessment step, treat the cobot's built-in safety functions as a substitute for proper zone design, and never map physical workspace boundaries to the robot's internal safety controller.

Common symptoms:

Safety auditor flags zones as "unverified" or "not risk-assessed"
Robot speed doesn't reduce when a human enters the collaboration zone
No documentation trail linking zone parameters to a risk assessment

The ISO Framework You Need to Know

Two standards govern cobot safety zone design.

ISO 10218-1 / -2 covers robot design (part 1) and system integration (part 2). Part 2 is what you act on as an integrator — it requires a risk assessment, defined operating modes, and documented safety functions for every installation.

ISO/TS 15066 extends this specifically to collaborative operation. It defines four collaboration modes and the biomechanical force/pressure limits that determine when contact becomes injurious.

The four collaboration modes from ISO/TS 15066:

Safety-rated monitored stop (SMS): Robot stops when human enters workspace
Hand guiding: Operator physically guides the robot; requires a dedicated enable device
Speed and separation monitoring (SSM): Robot slows or stops based on measured distance to the human
Power and force limiting (PFL): Robot operates at reduced speed/force so that any contact stays within biomechanical limits

Most production cobot cells use SSM, PFL, or a combination of both.

Solution

Step 1: Define Your Safety Zones on Paper First

Before touching software, produce a zone map. You need three concentric regions:

Collaborative zone: Where human-robot interaction is intentional. PFL limits apply here.
Monitored zone: Buffer region. Entering it triggers speed reduction (SSM).
Restricted zone: Prohibited during collaborative operation. Entering it triggers a protective stop.

Document the physical boundaries with a dimensioned drawing. This becomes part of your risk assessment record — auditors will ask for it.

Restricted Zone  |  Monitored Zone  |  Collaborative Zone  |  Robot
 (stop)          |  (slow to SSM)   |  (PFL active)        |
─────────────────┼──────────────────┼──────────────────────┼────────
 > 1500mm        |  500–1500mm      |  < 500mm             |  TCP

The distances above are illustrative. Your risk assessment determines actual values based on robot TCP speed, stopping time, and the minimum protective distance formula in ISO 13855.

Step 2: Calculate the Minimum Protective Distance

ISO 13855 gives the formula for how far a safety device must be positioned from the hazard zone:

S = (K × T) + C

Where:

S = minimum safety distance (mm)
K = approach speed of the human body part (mm/s) — ISO/TS 15066 Annex A uses 1600 mm/s for hand approach
T = total system stopping time (s) — measure this on your actual robot at the intended speed
C = intrusion depth before detection (mm) — depends on your area scanner resolution

# Minimum protective distance calculator (ISO 13855)
def min_protective_distance(K=1600, T_stop=0.5, C=8):
    """
    K: human approach speed mm/s (default 1600 per ISO/TS 15066 Annex A)
    T_stop: total stopping time in seconds (measure on your robot)
    C: intrusion depth mm (check your scanner datasheet)
    Returns: minimum distance in mm
    """
    S = (K * T_stop) + C
    return S

# Example: robot stops in 350ms, scanner intrusion depth 8mm
S = min_protective_distance(T_stop=0.35, C=8)
print(f"Minimum protective distance: {S} mm")
# Output: Minimum protective distance: 568.0 mm

If the result exceeds your available floor space: reduce the robot's collaborative speed until T_stop brings S within your layout constraints. This is the most common reason teams have to revisit robot speed settings.

Step 3: Configure Zones in the Safety Controller

The exact interface varies by platform (Universal Robots, FANUC CRX, KUKA LBR, ABB YuMi), but the logical structure is the same. Here's the configuration logic using UR's safety system as the reference — adapt field names to your platform.

# Pseudocode: safety zone configuration structure
# Maps to UR Safety Configuration, FANUC DCS, or equivalent

safety_config = {
    "zones": [
        {
            "id": "zone_restricted",
            "type": "PROTECTIVE_STOP",         # Triggers Cat 0 or Cat 1 stop
            "geometry": "CARTESIAN_BOX",
            "bounds": {
                "x_min": -1500, "x_max": 1500,  # mm from robot base
                "y_min": -1500, "y_max": 1500,
                "z_min": -200,  "z_max": 2000
            },
            "action": "STOP_CATEGORY_1",
            "sensor_input": "area_scanner_zone_A"
        },
        {
            "id": "zone_monitored",
            "type": "SPEED_REDUCTION",          # SSM: reduce TCP speed
            "geometry": "CARTESIAN_BOX",
            "bounds": {
                "x_min": -500, "x_max": 500,
                "y_min": -500, "y_max": 500,
                "z_min": -200, "z_max": 2000
            },
            "speed_limit_mm_s": 250,            # Derived from ISO/TS 15066 Annex A PFL table
            "action": "LIMIT_SPEED",
            "sensor_input": "area_scanner_zone_B"
        },
        {
            "id": "zone_collaborative",
            "type": "POWER_FORCE_LIMITING",     # PFL: contact forces within biomechanical limits
            "geometry": "CARTESIAN_BOX",
            "bounds": {
                "x_min": -300, "x_max": 300,
                "y_min": -300, "y_max": 300,
                "z_min": -200, "z_max": 2000
            },
            "tcp_force_limit_N": 50,            # Body-region specific — see ISO/TS 15066 Table A.2
            "tcp_speed_limit_mm_s": 100,
            "action": "PFL_ACTIVE"
        }
    ]
}

Expected: The safety controller accepts the configuration and reports no geometry conflicts between zones.

If it fails:

Overlapping zone boundaries: Safety controllers reject overlapping zones of different types. Make boundaries non-overlapping or make inner zones wholly contained in outer ones.
Speed limit exceeds controller maximum: The PFL speed must not exceed the value derived from your biomechanical limit calculation. Reduce it.

Step 4: Set Power and Force Limits per ISO/TS 15066 Table A.2

ISO/TS 15066 Annex A defines transient and quasi-static force/pressure limits by body region. These are the maximum allowable values — set your robot limits below them.

Body Region	Transient Force (N)	Quasi-Static Force (N)	Pressure (N/cm²)
Skull and forehead	130	65	110
Sternum	140	105	120
Upper arm / elbow	70	35	190
Hand / fingers	140	70	180
Thigh / knee	220	110	250
Lower leg / ankle	130	60	180

Identify which body regions can realistically contact the robot in your layout and use the most conservative applicable limit. Apply a safety margin of at least 10–15% below the ISO limit to account for sensor and measurement uncertainty.

# Force limit with safety margin
ISO_HAND_TRANSIENT_N = 140
SAFETY_MARGIN = 0.85  # 15% margin

configured_force_limit = ISO_HAND_TRANSIENT_N * SAFETY_MARGIN
print(f"Set TCP force limit to: {configured_force_limit:.0f} N")
# Output: Set TCP force limit to: 119 N

Verification

Run these checks before signing off on the installation.

Functional test — zone transitions:

# For UR robots: use the Safety I/O log in Polyscope
# For FANUC CRX: DCS monitor screen
# General test procedure:
# 1. With robot running at full collaborative speed
# 2. Trigger area scanner zone B (monitored zone)
# 3. Measure TCP speed — must be at or below SSM speed limit
# 4. Trigger zone A (restricted zone)
# 5. Robot must reach standstill within T_stop you used in your distance calculation

You should see: Measured TCP speed in zone B at or below your configured speed_limit_mm_s. Full stop in zone A within the measured T_stop.

Force measurement test:

Use a calibrated force measurement device (e.g., Pilz PMCprimo or equivalent) to measure actual contact force at the TCP and at body contact points. Measured values must be below your configured limit and below the ISO/TS 15066 Annex A values.

Documentation to produce:

Risk assessment (EN ISO 12100 format)
Zone map drawing (dimensioned, revision-controlled)
Safety function list with performance level (EN ISO 13849-1)
Validation test records with measured values and pass/fail

What You Learned

ISO 10218-2 governs integration; ISO/TS 15066 governs collaboration modes and biomechanical limits
Zone design starts on paper with a risk assessment — software config comes second
The ISO 13855 distance formula ties your robot's actual stopping time to your scanner placement
Force and speed limits must be derived from ISO/TS 15066 Table A.2 and applied with a measurement uncertainty margin

Limitations:

This covers Cartesian safety zones. Joint-space safety limits (joint torque, position limits) require separate configuration — consult your robot's functional safety manual.
PFL mode requires the robot itself to be certified as a PFL device (ISO 10218-1 clause 5.4.3). Not all cobots qualify in all configurations — check your robot's safety datasheet.
Changing zone parameters after validation invalidates your CE/OSHA documentation. Treat safety config as change-controlled.

Validated against ISO/TS 15066:2016, ISO 10218-2:2011, and ISO 13855:2010. Test procedures reference Universal Robots e-Series and FANUC CRX platforms. Consult a certified functional safety engineer (TÜV FSENG or equivalent) before final sign-off on a production installation.